https://bugs.winehq.org/show_bug.cgi?id=49515
--- Comment #15 from Matthew Toseland toad@amphibian.dyndns.org --- Adding the Thawte root CA does not solve the problem. osslsigncode already accepts the signature but maybe it has a separate certificate store; adding the CA *did* change something according to update-ca-certificates.
Is it possible to find out what certificate verification is failing?